My Oracle Support Banner

Two Way SSL (Client Verification) Fails When Using GCM Ciphers in Oracle HTTP Server (Doc ID 2284372.1)

Last updated on DECEMBER 25, 2017

Applies to:

Oracle HTTP Server - Version to [Release 12c]
Information in this document applies to any platform.


Using Oracle HTTP Server (OHS) and having configured two way SSL, the connection fails after providing the client certificate.

This may only occur using some browser brands or versions.

Following is directive to configured two way SSL

    SSLVerifyClient require

For example,

<Location /FirstJSP/protected>
 SSLVerifyClient require

An error is shown in the browser after providing the client certificate,

This site can't provide a secure connection
<host.domain> sent an invalid response


OHS debug logging reports that the affected browser is using GCM ciphers with an entry similar to this

OHS:2183 NZ Trace message: Cipher=ECDHE-RSA-AES128-GCM-SHA256

Unaffected browsers will show a different cipher that does not include the GCM string.


 No other changes were made.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.